[SECURITY] [DLA 2752-1] squashfs-tools security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2752-1] squashfs-tools security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 31 Aug 2021 17:30:15 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2108311729140.16263@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2752-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 31, 2021                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : squashfs-tools
Version        : 1:4.3-3+deb9u2
CVE ID         : CVE-2021-40153

An issue has been found in squashfs-tools, a tool to create and append tosquashfs filesystems.As unsquashfs did not validate all filepaths, it would allow writingoutside of the original destination.



For Debian 9 stretch, this problem has been fixed in version
1:4.3-3+deb9u2.

We recommend that you upgrade your squashfs-tools packages.

For the detailed security status of squashfs-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squashfs-tools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmEuZydfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeyhg//fIxj/f8B71Fu/chMYdBdvhWLsXjwbO8P+iA80+MDviSuo3BXKsOWBeXV
Xb0FPTN4s5nYhc8N78wbnkSkyLLtoCOXmXwcPr53/kEvQ4OPv4j1xulDj2WuLLdU
wgdllrmlcAZPWxFCZLDUNKoNam7DFnEcPCY1Zxd4NNOZetMhAoJyMvpFMXQj9DMr
+4VeLd8qfxryXhsJtlDOotjCtB23JfXw3ht83uHPTtIW2GFhyzn+8lngcRYf2Moe
yKHUTj9m9mE8IUsIV5UlR99Pb5stZCERuHlrOrdV4jqWu+2vkl4YcD4J2nKAcpmK
s/sklXE2zlN2LDh3gButo8FY88T2vLo8itk4RieqCKz4LeMnxPBwQE7xiTLMdpcX
eCiDqQTg1RhU5tKMSi/0PgVhE1BmmcXEiNyxljFs2fykLpe/k+hJgPOlCsVNtjah
Ar2GehO4kXgd/YI2wLPOT0Cc8aYX6iEaHlwtOK9avomK/rXtIHYknqMXJGjgzDE4
3E14N2cUkgsWzeqihuG/paFtsdhSSNiLzLQDvEQAInuJhTM85f9M3RAcMV0E93Mk
6TI7lRhtS3z4Dfg/Loo0bQ50K9GN4IaWxtNdG1V9quBNuqzES0clZvyut1EPcrLD
G4eTFe/fh3O3fX1gy2TXTjdXVGK5YNknEdAW4/vz0lWlxDQqqW8=
=vEaf
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2751-1] postgresql-9.6 security update
Previous by thread: [SECURITY] [DLA 2751-1] postgresql-9.6 security update
Index(es):
- Date
- Thread